Adding web server authentication


#1

We use discourse as an internal wiki at our company. Our discourse is of course private and users require an invite before they can sign up and then sign in. But we want to add an extra layer of security. How would I go about adding something like Apache’s web server authentication?


(Jay Pfaffman) #2

It would be much better to configure your server to require login and allow anyone with your email domain to sign up (and SSO would be better still).

If a tech at my company put a password like that to even see the login page, I would actively work to see that they lost their job.

If you want an “extra layer of security” then you can do that with network routing policies, not by annoying everyone in your company every time they need to access the site.


(Markus) #3

Indeed. 2FA would also work as “extra layer of security”.

You can compare this with a lost door key (password) and someone who knows the suitable lock (user name). There is nearly no security, until you’ll set up some gatekeepers :wink: